290k+ users possibly affected in North Dakota University breach

Hackers have managed to access and to apparently misuse one of the servers used by the North Dakota University System, but there is no evidence that they made off with the personal information stored on it. Nevertheless, the University is notifying potentially affected users and offering them identity protection services for free.

“Records of more than 290,000 current and former students and about 780 faculty and staff resided on the server. No credit card or bank account information was contained in the records,” the University said in a statement released last week.

“The suspicious activity was discovered on Feb. 7, and the server was immediately locked down. A thorough internal investigation and forensic analysis was conducted to understand the cause and scope of the incident. Law enforcement has been contacted, and the server information was also sent to a national forensic organization to confirm the internal analysis.”

According to the FAQ section they provided, the attacker(s) compromised existing login accounts to gain access to the server, but it’s yet unknown how they managed to do that.

“Based on the forensic investigation, it is likely the intruder’s intent was only to use the server’s processing power to launch attacks on other computers and systems. The intruder may not have even been aware that the sensitive information was stored on this server,” they noted, and added that the attacker was “an entity operating outside the United States.”

The affected server contained the name, Social Security number, and other student information for 291,465 current and former students including some Fall 2014 applicants, as well as the SS number and employee ID number for 784 faculty and staff members.

Apparently, the compromised dates back to October 2013.

No fraudulent use of anyone’s personal information has yet been detected, but potentially affected users are advised to be on the lookout for phishing emails nevertheless.

“In response to incidents like this one and to help prevent them in the future, NDUS is continually modifying its systems and practices to enhance the security of sensitive information. To support this effort, NDUS removed all access to the affected server and revalidated each individual user, initiated more stringent intrusion detection measures, and developed a taskforce to address how we access data even more securely,” they shared, and added that each user affected in the breach will be provided identity protection services by for the next 12 months at no cost.